Saw these running in top, can you help identify?

Discussion in 'General Discussion' started by Metro2, Jun 18, 2006.

  1. Metro2

    Saw these running when I took an SSH peek at top tonight:

    /usr/bin/find /dev /tmp /lib /etc /var ( -name tcp.log -o -name .linux-sniff -o -name sniff-l0g -o -name core_ )


    find /lib /usr/lib /usr/local/lib -name libproc.a

    I'm a bit concerned because I don't recognize them and the server load was a bit high at the moment I noticed them.

    Can anyone give me an idea of what those are, friend or foe, why they'd be running?

    Thank you.
     
  2. jester.ro

    hehe

    had a client that came sooo close to reinstalling his box after he saw those in the process list.

    that's the exact process that appears when chkrootkit is running.
    Check to see if you have it start periodically from a cron, or maybe someone else with access to the box was running it at the time you checked.

    But I'm pretty sure it's a cronjob.
     
  3. Metro2

    Thanks very much for the response, I'll check crons.
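
One way to confirm what launched the find processes discussed above, walking each one's parent chain in /proc and listing cron files that mention chkrootkit. This is an added example, not part of the original thread or of chkrootkit; the function names, the PROC_ROOT and CRON_PATHS variables and the default cron locations are assumptions.

```sh
#!/bin/sh
# Added example: attribute the find processes from the thread to their launcher.
# PROC_ROOT and CRON_PATHS are overridable assumptions of this sketch, so the
# logic can also be exercised against constructed data.
PROC_ROOT="${PROC_ROOT:-/proc}"
CRON_PATHS="${CRON_PATHS:-/etc/crontab /etc/cron.d /etc/cron.daily /etc/cron.weekly /etc/cron.monthly /var/spool/cron}"

# PIDs of find processes searching for the file names quoted in the thread.
suspect_finds() {
    for d in "$PROC_ROOT"/[0-9]*; do
        [ -r "$d/cmdline" ] || continue
        tr '\0' ' ' < "$d/cmdline" |
            grep -Eq '^[^ ]*find .*-name (tcp\.log|libproc\.a)' && echo "${d##*/}"
    done
}

# Print "pid<TAB>command line" for a PID and each ancestor, child first.
ancestry() {
    pid="$1"
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] && [ -r "$PROC_ROOT/$pid/status" ]; do
        cmd=$(tr '\0' ' ' < "$PROC_ROOT/$pid/cmdline")
        printf '%s\t%s\n' "$pid" "${cmd:-[no command line]}"
        pid=$(awk '/^PPid:/ {print $2}' "$PROC_ROOT/$pid/status")
    done
}

# Succeed when the process or one of its ancestors is a chkrootkit run.
launched_by_chkrootkit() {
    ancestry "$1" | grep -q 'chkrootkit'
}

# Cron files that mention chkrootkit (the scheduled job jester.ro suspects).
cron_refs() {
    grep -rls 'chkrootkit' $CRON_PATHS
}

report() {
    for p in $(suspect_finds); do
        if launched_by_chkrootkit "$p"; then verdict="descends from chkrootkit"
        else verdict="no chkrootkit ancestor, look closer"; fi
        printf '== PID %s: %s\n' "$p" "$verdict"
        ancestry "$p"
    done
    echo "== cron files referencing chkrootkit:"
    cron_refs || echo "(none found)"
}

if [ "${1:-}" = "report" ]; then report; fi
```

Run it as root with the argument `report` while the find processes are still visible in top. The match is on the name chkrootkit only, so also check that the ancestor's path is the copy you installed.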
     